Installing Docker offline on CentOS 7.5, and diagnosing and fixing "OCI runtime create failed" when running containers


Preface

Following on from the previous post, 《記一次centos掛載ceph存儲的坑》 (notes on a CentOS Ceph-mount pitfall): the server was reinstalled with CentOS 7.5, and what remained was installing Docker. Since a yum install takes quite a while, I usually install the Docker binary package directly. Below is how to deploy Docker offline.

Installation

As usual, read the manual and pick a version

Manual: https://docs.docker.com/engine/install/binaries/
It contains one fairly important note:

Version 3.10 or higher of the Linux kernel. The latest version of the kernel available for your platform is recommended.

We have already upgraded to CentOS 7.5, so let's check the kernel version:

uname -r
3.10.0-862.el7.x86_64

That looks fine. The Docker binary packages are at https://download.docker.com/linux/static/stable/x86_64/ . After some browsing I settled on the last stable release of the previous series, docker-19.03.9.tgz, which we also use quite widely.

Installation steps

Unpack the tarball

Create a directory (mine is /home/docker), put the tarball in it, and run tar zxvf docker-19.03.9.tgz

Create the docker service file

cat > /etc/systemd/system/docker.service <<"EOF"
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.io

[Service]
Environment="PATH=/home/docker/docker:/bin:/sbin:/usr/bin:/usr/sbin"
ExecStart=/home/docker/docker/dockerd --log-level=error -H unix:///var/run/docker.sock
ExecReload=/bin/kill -s HUP $MAINPID
Restart=on-failure
RestartSec=5
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target
EOF

Create the docker configuration file

sudo iptables -P FORWARD ACCEPT
mkdir -p  /etc/docker/
# dockerd reads /etc/docker/daemon.json by default; a file named docker-daemon.json is never loaded
# insecure-registries disables TLS verification for the listed hosts, so list only the ones actually needed
cat >  /etc/docker/daemon.json <<EOF
{
    "insecure-registries":["192.xx.xx.8:5000","registry.xxx.com"],
    "registry-mirrors": ["https://jk4bb75a.mirror.aliyuncs.com", "https://docker.mirrors.ustc.edu.cn"],
    "max-concurrent-downloads": 20
}
EOF

Start docker

# stops and disables the host firewall and flushes every iptables rule before dockerd adds its own
systemctl stop firewalld && systemctl disable firewalld
/usr/sbin/iptables -F && /usr/sbin/iptables -X && /usr/sbin/iptables -F -t nat && /usr/sbin/iptables -X -t nat
/usr/sbin/iptables -P FORWARD ACCEPT
systemctl daemon-reload && systemctl enable docker && systemctl restart docker
# enable hairpin mode on every port attached to the docker0 bridge
for intf in /sys/devices/virtual/net/docker0/brif/*; do echo 1 > "$intf/hairpin_mode"; done
export PATH=/home/docker/docker/:$PATH

PS: export PATH=/home/docker/docker/:$PATH can be added to /etc/profile

Check that docker is healthy

systemctl status docker.service shows the docker status; make sure it is running.

If something is wrong, edit the service file and restart:

systemctl daemon-reload && systemctl restart docker.service

Everything looks perfect. As usual, take it for a walk and run hello-world:

docker run hello-world
docker: Error response from daemon: OCI runtime create failed: container_linux.go:345: starting container process caused "process_linux.go:430: container init caused \"write /proc/self/attr/keycreate: permission denied\"": unknown.
ERRO[0000] error waiting for container: context canceled

First WTF!

Diagnosing and fixing OCI runtime create failed

Search the official documentation

Link: https://docs.docker.com/

I opened a few results at random. The OS versions differ, but they all say the same thing: the kernel version and the Docker version do not match, so upgrade the kernel or downgrade Docker. But wasn't kernel 3.10 supposed to be fine? The daemon even started normally.

Downgrade to docker-18.09.9: still fails

Download docker-18.09.9.tgz, unpack it over the docker directory, and simply restart.
Everything looks perfect; take it for a walk and run hello-world:

docker run hello-world
docker: Error response from daemon: OCI runtime create failed: container_linux.go:xxx: starting container process caused "process_linux.go:xxx: container init caused \"write /proc/self/attr/keycreate: permission denied\"": unknown.
ERRO[0000] error waiting for container: context canceled

Double WTF!

Downgrade to docker-18.06.3

Download docker-18.06.3-ce.tgz, unpack it over the docker directory, and simply restart.

docker run --rm hello-world

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

The familiar hello-world finally appears.

Summary

CentOS 7 kernels are all in the 3.10 series by default. On my two machines with kernel 3.10.0-862, Docker 18.09 and 19.03 both start normally but cannot run containers; without upgrading the kernel, only 18.06 can be installed. Another machine here runs CentOS 7.7 with kernel 3.10.0-1062.18.1.el7.x86_64 and runs Docker 19.03 without problems. For reference only: if running a container fails with OCI runtime create failed, consider kernel/Docker version compatibility first. Early Ubuntu releases had the same problem with newer Docker versions, and it was likewise solved by downgrading Docker or upgrading the kernel.
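A small pre-flight check that encodes the post's findings, as an added example (not code from the original post). It compares the running kernel against the two kernel strings seen above and recognises the keycreate error line; the 3.10.0-1062 threshold is an assumption drawn only from the two machines described here.

```shell
#!/bin/sh
# Added example, not from the original post. The kernel strings and the
# error line used in the comments and tests are the ones quoted in the post,
# embedded here as constructed sample input.

# Reduce "3.10.0-1062.18.1.el7.x86_64" to "3 10 0 1062 18 1": drop the
# ".elN..." dist/arch tail, then split on '.' and '-'.
kernel_fields() {
    printf '%s\n' "$1" | sed -e 's/\.el[0-9].*$//' -e 's/[-.]/ /g'
}

# kernel_at_least HAVE WANT: succeed when HAVE >= WANT, field by field,
# missing trailing fields counting as 0 (so "3.10" means 3.10.0-0).
kernel_at_least() {
    awk -v have="$(kernel_fields "$1")" -v want="$(kernel_fields "$2")" 'BEGIN {
        nh = split(have, H, " "); nw = split(want, W, " ")
        n = (nh > nw) ? nh : nw
        for (i = 1; i <= n; i++) {
            h = (i <= nh) ? H[i] + 0 : 0
            w = (i <= nw) ? W[i] + 0 : 0
            if (h > w) exit 0
            if (h < w) exit 1
        }
        exit 0
    }'
}

# Newest Docker release the post saw working on a given kernel. Assumption:
# the 3.10.0-1062 threshold comes only from the two machines in the post.
docker_ceiling_for_kernel() {
    if kernel_at_least "$1" "3.10.0-1062"; then echo "19.03"
    elif kernel_at_least "$1" "3.10"; then echo "18.06"
    else echo "unsupported"
    fi
}

# Map a `docker run` error line to a likely cause; fail if unrecognised.
classify_runtime_error() {
    case "$1" in
        *"OCI runtime create failed"*"/proc/self/attr/keycreate: permission denied"*)
            echo "keycreate denied: kernel/Docker mismatch, downgrade Docker or upgrade kernel" ;;
        *"OCI runtime create failed"*)
            echo "OCI runtime create failed: check kernel/Docker compatibility first" ;;
        *) return 1 ;;
    esac
}
```

On a real host, `docker_ceiling_for_kernel "$(uname -r)"` prints the newest Docker series the post found working for that kernel.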

